mongodb
diff --git a/‎internal/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go‎
Lines changed: 1 addition & 2 deletions b/‎internal/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎…er/connectionsecret/connectionsecrets.go‎ ‎…r/atlasdatabaseuser/connectionsecrets.go‎internal/controller/connectionsecret/connectionsecrets.go renamed to internal/controller/atlasdatabaseuser/connectionsecrets.go
Lines changed: 13 additions & 12 deletions b/‎…er/connectionsecret/connectionsecrets.go‎ ‎…r/atlasdatabaseuser/connectionsecrets.go‎internal/controller/connectionsecret/connectionsecrets.go renamed to internal/controller/atlasdatabaseuser/connectionsecrets.go
Lines changed: 13 additions & 12 deletions
diff --git a/‎…nnectionsecret/connectionsecrets_test.go‎ ‎…asdatabaseuser/connectionsecrets_test.go‎internal/controller/connectionsecret/connectionsecrets_test.go renamed to internal/controller/atlasdatabaseuser/connectionsecrets_test.go
Lines changed: 15 additions & 15 deletions b/‎…nnectionsecret/connectionsecrets_test.go‎ ‎…asdatabaseuser/connectionsecrets_test.go‎internal/controller/connectionsecret/connectionsecrets_test.go renamed to internal/controller/atlasdatabaseuser/connectionsecrets_test.go
Lines changed: 15 additions & 15 deletions
diff --git a/‎internal/controller/atlasdatabaseuser/databaseuser.go‎
Lines changed: 4 additions & 5 deletions b/‎internal/controller/atlasdatabaseuser/databaseuser.go‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎internal/controller/atlasdatafederation/connectionsecrets.go‎
Lines changed: 4 additions & 4 deletions b/‎internal/controller/atlasdatafederation/connectionsecrets.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎internal/controller/atlasdatafederation/datafederation_controller.go‎
Lines changed: 2 additions & 2 deletions b/‎internal/controller/atlasdatafederation/datafederation_controller.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/controller/atlasdatafederation/datafederation_controller_test.go‎
Lines changed: 10 additions & 10 deletions b/‎internal/controller/atlasdatafederation/datafederation_controller_test.go‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎internal/controller/atlasdeployment/advanced_deployment.go‎
Lines changed: 5 additions & 5 deletions b/‎internal/controller/atlasdeployment/advanced_deployment.go‎
Lines changed: 5 additions & 5 deletions
@@ -39,7 +39,6 @@ import (
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/atlas"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/reconciler"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/statushandler"
@@ -142,7 +141,7 @@ func (r *AtlasDatabaseUserReconciler) terminate(
 
 // unmanage remove finalizer and release resource
 func (r *AtlasDatabaseUserReconciler) unmanage(ctx *workflow.Context, projectID string, atlasDatabaseUser *akov2.AtlasDatabaseUser) (ctrl.Result, error) {
-	err := connectionsecret.RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)
+	err := RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)
 	if err != nil {
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotDeleted, true, err)
 	}
 
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package connectionsecret
+package atlasdatabaseuser
 
 import (
 	"context"
@@ -26,6 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/kube"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/stringutil"
@@ -37,7 +38,7 @@ const ConnectionSecretsEnsuredEvent = "ConnectionSecretsEnsured"
 
 func ReapOrphanConnectionSecrets(ctx context.Context, k8sClient client.Client, projectID, namespace string, projectDeploymentNames []string) ([]string, error) {
 	secretList := &corev1.SecretList{}
-	labelSelector := labels.SelectorFromSet(labels.Set{TypeLabelKey: CredLabelVal, ProjectLabelKey: projectID})
+	labelSelector := labels.SelectorFromSet(labels.Set{secretservice.TypeLabelKey: secretservice.CredLabelVal, secretservice.ProjectLabelKey: projectID})
 	err := k8sClient.List(context.Background(), secretList, &client.ListOptions{
 		LabelSelector: labelSelector,
 		Namespace:     namespace,
@@ -48,7 +49,7 @@ func ReapOrphanConnectionSecrets(ctx context.Context, k8sClient client.Client, p
 
 	removedOrphanSecrets := []string{}
 	for _, secret := range secretList.Items {
-		clusterName, ok := secret.Labels[ClusterLabelKey]
+		clusterName, ok := secret.Labels[secretservice.ClusterLabelKey]
 		if !ok {
 			continue
 		}
@@ -98,7 +99,7 @@ func createOrUpdateConnectionSecretsFromDeploymentSecrets(ctx *workflow.Context,
 		if err != nil {
 			return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err)
 		}
-		data := ConnectionData{
+		data := secretservice.ConnectionData{
 			DBUserName: dbUser.Spec.Username,
 			Password:   password,
 			ConnURL:    di.ConnURL,
@@ -107,7 +108,7 @@ func createOrUpdateConnectionSecretsFromDeploymentSecrets(ctx *workflow.Context,
 		FillPrivateConns(di, &data)
 
 		var secretName string
-		if secretName, err = Ensure(ctx.Context, k8sClient, dbUser.Namespace, project.Name, project.ID, di.Name, data); err != nil {
+		if secretName, err = secretservice.Ensure(ctx.Context, k8sClient, dbUser.Namespace, project.Name, project.ID, di.Name, data); err != nil {
 			return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err)
 		}
 		secrets = append(secrets, secretName)
@@ -146,12 +147,12 @@ func removeStaleByScope(ctx *workflow.Context, k8sClient client.Client, projectI
 	if len(scopes) == 0 {
 		return nil
 	}
-	secrets, err := ListByUserName(ctx.Context, k8sClient, user.Namespace, projectID, user.Spec.Username)
+	secrets, err := secretservice.ListByUserName(ctx.Context, k8sClient, user.Namespace, projectID, user.Spec.Username)
 	if err != nil {
 		return err
 	}
 	for i, s := range secrets {
-		deployment, ok := s.Labels[ClusterLabelKey]
+		deployment, ok := s.Labels[secretservice.ClusterLabelKey]
 		if !ok {
 			continue
 		}
@@ -167,7 +168,7 @@ func removeStaleByScope(ctx *workflow.Context, k8sClient client.Client, projectI
 
 // RemoveStaleSecretsByUserName removes the stale secrets when the database user name changes (as it's used as a part of Secret name)
 func RemoveStaleSecretsByUserName(ctx context.Context, k8sClient client.Client, projectID, userName string, user akov2.AtlasDatabaseUser, log *zap.SugaredLogger) error {
-	secrets, err := ListByUserName(ctx, k8sClient, user.Namespace, projectID, userName)
+	secrets, err := secretservice.ListByUserName(ctx, k8sClient, user.Namespace, projectID, userName)
 	if err != nil {
 		return err
 	}
@@ -188,23 +189,23 @@ func RemoveStaleSecretsByUserName(ctx context.Context, k8sClient client.Client,
 	return lastError
 }
 
-func FillPrivateConns(conn deployment.Connection, data *ConnectionData) {
+func FillPrivateConns(conn deployment.Connection, data *secretservice.ConnectionData) {
 	if conn.PrivateURL != "" {
-		data.PrivateConnURLs = append(data.PrivateConnURLs, PrivateLinkConnURLs{
+		data.PrivateConnURLs = append(data.PrivateConnURLs, secretservice.PrivateLinkConnURLs{
 			PvtConnURL:    conn.PrivateURL,
 			PvtSrvConnURL: conn.SrvPrivateURL,
 		})
 	}
 
 	if conn.Serverless {
 		for _, pe := range conn.PrivateEndpoints {
-			data.PrivateConnURLs = append(data.PrivateConnURLs, PrivateLinkConnURLs{
+			data.PrivateConnURLs = append(data.PrivateConnURLs, secretservice.PrivateLinkConnURLs{
 				PvtSrvConnURL: pe.ServerURL,
 			})
 		}
 	} else {
 		for _, pe := range conn.PrivateEndpoints {
-			data.PrivateConnURLs = append(data.PrivateConnURLs, PrivateLinkConnURLs{
+			data.PrivateConnURLs = append(data.PrivateConnURLs, secretservice.PrivateLinkConnURLs{
 				PvtConnURL:      pe.URL,
 				PvtSrvConnURL:   pe.ServerURL,
 				PvtShardConnURL: pe.ShardURL,
 
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package connectionsecret_test
+package atlasdatabaseuser
 
 import (
 	"context"
@@ -28,7 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 )
 
 const (
@@ -72,7 +72,7 @@ func TestReapOrphanConnectionSecrets(t *testing.T) {
 			fakeClient := fake.NewClientBuilder().
 				WithScheme(scheme).
 				WithObjects(tc.objects...).Build()
-			removedOrphans, err := connectionsecret.ReapOrphanConnectionSecrets(
+			removedOrphans, err := ReapOrphanConnectionSecrets(
 				context.Background(),
 				fakeClient,
 				testProjectID,
@@ -96,9 +96,9 @@ func matchingSecrets() []client.Object {
 				Name:      "secret1",
 				Namespace: testNamespace,
 				Labels: map[string]string{
-					connectionsecret.ClusterLabelKey: "cluster1",
-					connectionsecret.ProjectLabelKey: testProjectID,
-					connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
+					secretservice.ClusterLabelKey: "cluster1",
+					secretservice.ProjectLabelKey: testProjectID,
+					secretservice.TypeLabelKey:    secretservice.CredLabelVal,
 				},
 			},
 		},
@@ -108,9 +108,9 @@ func matchingSecrets() []client.Object {
 				Name:      "secret2",
 				Namespace: testNamespace,
 				Labels: map[string]string{
-					connectionsecret.ClusterLabelKey: "serverless2",
-					connectionsecret.ProjectLabelKey: testProjectID,
-					connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
+					secretservice.ClusterLabelKey: "serverless2",
+					secretservice.ProjectLabelKey: testProjectID,
+					secretservice.TypeLabelKey:    secretservice.CredLabelVal,
 				},
 			},
 		},
@@ -124,9 +124,9 @@ func nonMatchingSecrets() []client.Object {
 				Name:      "secret3",
 				Namespace: testNamespace,
 				Labels: map[string]string{
-					connectionsecret.ClusterLabelKey: "cluster3",
-					connectionsecret.ProjectLabelKey: testProjectID,
-					connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
+					secretservice.ClusterLabelKey: "cluster3",
+					secretservice.ProjectLabelKey: testProjectID,
+					secretservice.TypeLabelKey:    secretservice.CredLabelVal,
 				},
 			},
 		},
@@ -136,9 +136,9 @@ func nonMatchingSecrets() []client.Object {
 				Name:      "secret4",
 				Namespace: testNamespace,
 				Labels: map[string]string{
-					connectionsecret.ClusterLabelKey: "serverless4",
-					connectionsecret.ProjectLabelKey: testProjectID,
-					connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
+					secretservice.ClusterLabelKey: "serverless4",
+					secretservice.ProjectLabelKey: testProjectID,
+					secretservice.TypeLabelKey:    secretservice.CredLabelVal,
 				},
 			},
 		},
 
@@ -25,7 +25,6 @@ import (
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/timeutil"
@@ -89,7 +88,7 @@ func (r *AtlasDatabaseUserReconciler) dbuLifeCycle(ctx *workflow.Context, dbUser
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserInvalidSpec, false, err)
 	}
 	if expired {
-		err = connectionsecret.RemoveStaleSecretsByUserName(ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)
+		err = RemoveStaleSecretsByUserName(ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)
 		if err != nil {
 			return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotDeleted, true, err)
 		}
@@ -139,7 +138,7 @@ func (r *AtlasDatabaseUserReconciler) create(ctx *workflow.Context, dbUserServic
 	}
 
 	if wasRenamed(atlasDatabaseUser) {
-		err = connectionsecret.RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Status.UserName, *atlasDatabaseUser, r.Log)
+		err = RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Status.UserName, *atlasDatabaseUser, r.Log)
 		if err != nil {
 			return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotDeleted, true, err)
 		}
@@ -205,7 +204,7 @@ func (r *AtlasDatabaseUserReconciler) readiness(ctx *workflow.Context, deploymen
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.Internal, true, err)
 	}
 
-	removedOrphanSecrets, err := connectionsecret.ReapOrphanConnectionSecrets(
+	removedOrphanSecrets, err := ReapOrphanConnectionSecrets(
 		ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Namespace, allDeploymentNames)
 	if err != nil {
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.Internal, true, err)
@@ -244,7 +243,7 @@ func (r *AtlasDatabaseUserReconciler) readiness(ctx *workflow.Context, deploymen
 	}
 
 	// TODO refactor connectionsecret package to follow state machine approach
-	result := connectionsecret.CreateOrUpdateConnectionSecrets(ctx, r.Client, deploymentService, r.EventRecorder, atlasProject, *atlasDatabaseUser)
+	result := CreateOrUpdateConnectionSecrets(ctx, r.Client, deploymentService, r.EventRecorder, atlasProject, *atlasDatabaseUser)
 	if !result.IsOk() {
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotCreated, true, errors.New(result.GetMessage()))
 	}
 
@@ -24,7 +24,7 @@ import (
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/stringutil"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/datafederation"
@@ -77,7 +77,7 @@ func (r *AtlasDataFederationReconciler) ensureConnectionSecrets(ctx *workflow.Co
 		var connURLs []string
 		for _, host := range connectionHosts {
 			baseURL := fmt.Sprintf("mongodb://%s?ssl=true", host)
-			connURL, err := connectionsecret.AddCredentialsToConnectionURL(baseURL, dbUser.Spec.Username, password)
+			connURL, err := secretservice.AddCredentialsToConnectionURL(baseURL, dbUser.Spec.Username, password)
 			if err != nil {
 				ctx.Log.Debugw("Failed to construct connection URL", "host", host, "error", err)
 				continue
@@ -86,15 +86,15 @@ func (r *AtlasDataFederationReconciler) ensureConnectionSecrets(ctx *workflow.Co
 			ctx.Log.Debugw("Connection URL created", "url", connURL)
 		}
 
-		data := connectionsecret.ConnectionData{
+		data := secretservice.ConnectionData{
 			DBUserName: dbUser.Spec.Username,
 			Password:   password,
 			ConnURL:    strings.Join(connURLs, ","),
 		}
 
 		ctx.Log.Debugw("Creating a connection Secret", "data", data)
 
-		secretName, err := connectionsecret.Ensure(ctx.Context, r.Client, dbUser.Namespace, project.Spec.Name, project.ID(), df.Spec.Name, data)
+		secretName, err := secretservice.Ensure(ctx.Context, r.Client, dbUser.Namespace, project.Spec.Name, project.ID(), df.Spec.Name, data)
 		if err != nil {
 			return workflow.Terminate(workflow.DeploymentConnectionSecretsNotCreated, err)
 		}
 
@@ -37,9 +37,9 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/atlas"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/reconciler"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/statushandler"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/indexer"
@@ -308,7 +308,7 @@ func (r *AtlasDataFederationReconciler) deleteConnectionSecrets(ctx context.Cont
 	log = log.With("projectID", project.Status.ID, "dataFederationName", dataFederation.Spec.Name)
 
 	// We always remove the connection secrets even if the deployment is not removed from Atlas
-	secrets, err := connectionsecret.ListByDeploymentName(ctx, r.Client, dataFederation.Namespace, project.ID(), dataFederation.Spec.Name)
+	secrets, err := secretservice.ListByDeploymentName(ctx, r.Client, dataFederation.Namespace, project.ID(), dataFederation.Spec.Name)
 	if err != nil {
 		return fmt.Errorf("failed to find connection secrets for the user: %w", err)
 	}
 
@@ -34,8 +34,8 @@ import (
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/common"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/status"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/indexer"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/mocks/translation"
@@ -145,19 +145,19 @@ func TestDeleteConnectionSecrets(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{
 						Name: "fooSecret", Namespace: "bar",
 						Labels: map[string]string{
-							connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
-							connectionsecret.ProjectLabelKey: "123",
-							connectionsecret.ClusterLabelKey: "data-federation-name",
+							secretservice.TypeLabelKey:    secretservice.CredLabelVal,
+							secretservice.ProjectLabelKey: "123",
+							secretservice.ClusterLabelKey: "data-federation-name",
 						},
 					},
 				},
 				{
 					ObjectMeta: metav1.ObjectMeta{
 						Name: "keepSecret", Namespace: "bar",
 						Labels: map[string]string{
-							connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
-							connectionsecret.ProjectLabelKey: "123",
-							connectionsecret.ClusterLabelKey: "some-cluster",
+							secretservice.TypeLabelKey:    secretservice.CredLabelVal,
+							secretservice.ProjectLabelKey: "123",
+							secretservice.ClusterLabelKey: "some-cluster",
 						},
 					},
 				},
@@ -167,9 +167,9 @@ func TestDeleteConnectionSecrets(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{
 						Name: "keepSecret", Namespace: "bar",
 						Labels: map[string]string{
-							connectionsecret.TypeLabelKey:    connectionsecret.CredLabelVal,
-							connectionsecret.ProjectLabelKey: "123",
-							connectionsecret.ClusterLabelKey: "some-cluster",
+							secretservice.TypeLabelKey:    secretservice.CredLabelVal,
+							secretservice.ProjectLabelKey: "123",
+							secretservice.ClusterLabelKey: "some-cluster",
 						},
 					},
 				},
 
@@ -28,8 +28,8 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/status"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/secretservice"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/indexer"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/stringutil"
@@ -187,21 +187,21 @@ func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Contex
 			return err
 		}
 
-		data := connectionsecret.ConnectionData{
+		data := secretservice.ConnectionData{
 			DBUserName: dbUser.Spec.Username,
 			Password:   password,
 			ConnURL:    connection.Standard,
 			SrvConnURL: connection.StandardSrv,
 		}
 		if connection.Private != "" {
-			data.PrivateConnURLs = append(data.PrivateConnURLs, connectionsecret.PrivateLinkConnURLs{
+			data.PrivateConnURLs = append(data.PrivateConnURLs, secretservice.PrivateLinkConnURLs{
 				PvtConnURL:    connection.Private,
 				PvtSrvConnURL: connection.PrivateSrv,
 			})
 		}
 
 		for _, pe := range connection.PrivateEndpoint {
-			data.PrivateConnURLs = append(data.PrivateConnURLs, connectionsecret.PrivateLinkConnURLs{
+			data.PrivateConnURLs = append(data.PrivateConnURLs, secretservice.PrivateLinkConnURLs{
 				PvtConnURL:      pe.ConnectionString,
 				PvtSrvConnURL:   pe.SRVConnectionString,
 				PvtShardConnURL: pe.SRVShardOptimizedConnectionString,
@@ -214,7 +214,7 @@ func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Contex
 		}
 
 		ctx.Log.Debugw("Creating a connection Secret", "data", data)
-		secretName, err := connectionsecret.Ensure(ctx.Context, r.Client, dbUser.Namespace, project.Name, deploymentInAKO.GetProjectID(), deploymentInAKO.GetName(), data)
+		secretName, err := secretservice.Ensure(ctx.Context, r.Client, dbUser.Namespace, project.Name, deploymentInAKO.GetProjectID(), deploymentInAKO.GetName(), data)
 		if err != nil {
 			return err
 		}
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@ import (`
`25`	`25`
`26`	`26`	`"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"`
`27`	`27`	`akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"`
`28`		`- "github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/connectionsecret"`
`29`	`28`	`"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/customresource"`
`30`	`29`	`"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/controller/workflow"`
`31`	`30`	`"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/timeutil"`
`@@ -89,7 +88,7 @@ func (r AtlasDatabaseUserReconciler) dbuLifeCycle(ctx workflow.Context, dbUser`
`89`	`88`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserInvalidSpec, false, err)`
`90`	`89`	`}`
`91`	`90`	`if expired {`
`92`		`- err = connectionsecret.RemoveStaleSecretsByUserName(ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)`
	`91`	`+ err = RemoveStaleSecretsByUserName(ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Spec.Username, *atlasDatabaseUser, r.Log)`
`93`	`92`	`if err != nil {`
`94`	`93`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotDeleted, true, err)`
`95`	`94`	`}`
`@@ -139,7 +138,7 @@ func (r AtlasDatabaseUserReconciler) create(ctx workflow.Context, dbUserServic`
`139`	`138`	`}`
`140`	`139`
`141`	`140`	`if wasRenamed(atlasDatabaseUser) {`
`142`		`- err = connectionsecret.RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Status.UserName, *atlasDatabaseUser, r.Log)`
	`141`	`+ err = RemoveStaleSecretsByUserName(ctx.Context, r.Client, projectID, atlasDatabaseUser.Status.UserName, *atlasDatabaseUser, r.Log)`
`143`	`142`	`if err != nil {`
`144`	`143`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotDeleted, true, err)`
`145`	`144`	`}`
`@@ -205,7 +204,7 @@ func (r AtlasDatabaseUserReconciler) readiness(ctx workflow.Context, deploymen`
`205`	`204`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.Internal, true, err)`
`206`	`205`	`}`
`207`	`206`
`208`		`- removedOrphanSecrets, err := connectionsecret.ReapOrphanConnectionSecrets(`
	`207`	`+ removedOrphanSecrets, err := ReapOrphanConnectionSecrets(`
`209`	`208`	`ctx.Context, r.Client, atlasProject.ID, atlasDatabaseUser.Namespace, allDeploymentNames)`
`210`	`209`	`if err != nil {`
`211`	`210`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.Internal, true, err)`
`@@ -244,7 +243,7 @@ func (r AtlasDatabaseUserReconciler) readiness(ctx workflow.Context, deploymen`
`244`	`243`	`}`
`245`	`244`
`246`	`245`	`// TODO refactor connectionsecret package to follow state machine approach`
`247`		`- result := connectionsecret.CreateOrUpdateConnectionSecrets(ctx, r.Client, deploymentService, r.EventRecorder, atlasProject, *atlasDatabaseUser)`
	`246`	`+ result := CreateOrUpdateConnectionSecrets(ctx, r.Client, deploymentService, r.EventRecorder, atlasProject, *atlasDatabaseUser)`
`248`	`247`	`if !result.IsOk() {`
`249`	`248`	`return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.DatabaseUserConnectionSecretsNotCreated, true, errors.New(result.GetMessage()))`
`250`	`249`	`}`